We performed a comparison between Seeker and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."
"Before you even compile, it can catch known vulnerability issues or patterns."
"My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it."
"The SonarQube dashboard looks great."
"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis."
"It is very good at identifying technical debt."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"We have worked with the support from SonarQube and we have had good experiences."
"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"The reporting can be improved."
"I have found this solution creates more noise than competitors."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
Seeker is ranked 24th in Application Security Testing (AST) with 1 review while SonarQube is ranked 1st in Application Security Testing (AST) with 110 reviews. Seeker is rated 7.0, while SonarQube is rated 8.0. The top reviewer of Seeker writes "More effective than dynamic scanners, but is missing useful learning capabilities". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Seeker is most compared with Synopsys API Security Testing, Coverity, Contrast Security Assess, Polaris Software Integrity Platform and Checkmarx One, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.